-
Enhancement
-
Resolution: Fixed
-
P4
-
None
-
b06
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8056090 | 9 | Daniil Titov | P4 | Resolved | Fixed | b32 |
| JDK-8082318 | emb-9 | Daniil Titov | P4 | Resolved | Fixed | b32 |
| JDK-8063229 | 8u45 | Daniil Titov | P4 | Resolved | Fixed | b01 |
| JDK-8070630 | emb-8u47 | Daniil Titov | P4 | Resolved | Fixed | team |
The CN component of the subject field of a certificate is used as the Publisher name in a security dialog. If the CN field is missing, "Unknown" will be displayed, which is not user-friendly. Also there are additional components in the distinguished name that can be used to identify the certificate's subject.
If the CN field is empty, I think we should display the OU field (and maybe the O field as well).
This is likely to become a more common scenario. The CA/Browser Forum has made a recommendation discouraging the use of the CN field in section 9.2.2 of the baseline requirements v1.1.6 and 9.2.3 of the EV Code Signing Guidelines:
https://cabforum.org/Baseline_Requirements_V1.pdf
https://cabforum.org/wp-content/uploads/EV_Code_Signing_Guidelines_v1_1.pdf
If the CN field is empty, I think we should display the OU field (and maybe the O field as well).
This is likely to become a more common scenario. The CA/Browser Forum has made a recommendation discouraging the use of the CN field in section 9.2.2 of the baseline requirements v1.1.6 and 9.2.3 of the EV Code Signing Guidelines:
https://cabforum.org/Baseline_Requirements_V1.pdf
https://cabforum.org/wp-content/uploads/EV_Code_Signing_Guidelines_v1_1.pdf
- backported by
-
JDK-8056090 Security Dialogs should display OU/O field for Publisher if CN field is empty
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-